From a15eeb30217573cd4246f192f139688a99cb31bd Mon Sep 17 00:00:00 2001 From: "Alexey A. Leonov" Date: Thu, 26 Sep 2024 10:03:15 +0700 Subject: [PATCH 1/6] fixed exec issue for restricted systems --- Dockerfile | 3 ++- docker/app/dashboard.sh | 2 +- docker/entrypoint | 24 ++++++++++++++++++------ 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6313bc2..13638b7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,4 +37,5 @@ ENV ADDRESS="" \ SETUP="false" \ AUTO_UPDATE="true" \ LOG_LEVEL="" \ - BINARY_DIR="/app/config/bin" + BINARY_DIR="/app/bin" \ + BINARY_STORE="/app/config/bin" diff --git a/docker/app/dashboard.sh b/docker/app/dashboard.sh index 1a57dd3..785c6c7 100755 --- a/docker/app/dashboard.sh +++ b/docker/app/dashboard.sh @@ -1,5 +1,5 @@ #!/bin/sh -BINARY_DIR=${BINARY_DIR:-/app/config/bin} +BINARY_DIR=${BINARY_DIR:-/app/bin} ${BINARY_DIR}/storagenode dashboard --config-dir /app/config --identity-dir /app/identity $@ \ No newline at end of file diff --git a/docker/entrypoint b/docker/entrypoint index 36ec1d3..17237ad 100755 --- a/docker/entrypoint +++ b/docker/entrypoint @@ -1,7 +1,8 @@ #!/bin/bash set -euo pipefail -BINARY_DIR=${BINARY_DIR:-/app/config/bin} +BINARY_DIR=${BINARY_DIR:-/app/bin} +BINARY_STORE=${BINARY_STORE:-/app/config/bin} get_default_url() { process=$1 
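Review bot: The two directory variables added at the top of docker/entrypoint carry no comment saying which one binaries are downloaded into and which one they are executed from; the matching pair in the Dockerfile ENV block is equally unexplained. A short comment above the assignments would do, for example `# BINARY_STORE: where downloaded binaries are kept; BINARY_DIR: where they are copied to and executed from`. The commit title suggests the split exists because the store location may not permit execution; if that is the reason, the comment should say so. get_default_url continues outside the hunk.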
@@ -9,20 +10,27 @@ get_default_url() { wget -O- "${VERSION_SERVER_URL}/processes/${process}/${version}/url?os=linux&arch=${GOARCH}" } +copy_binary() { + binary=$1 + mkdir -p "${BINARY_DIR}" + cp "${BINARY_STORE}/${binary}" "${BINARY_DIR}/${binary}" + chmod u+x "${BINARY_DIR}/${binary}" +} + get_binary() { binary=$1 url=$2 wget -O "/tmp/${binary}.zip" "${url}" - mkdir -p "${BINARY_DIR}" - unzip -p "/tmp/${binary}.zip" > "${BINARY_DIR}/${binary}" + mkdir -p "${BINARY_STORE}" + unzip -p "/tmp/${binary}.zip" > "${BINARY_STORE}/${binary}" rm "/tmp/${binary}.zip" - chmod u+x "${BINARY_DIR}/${binary}" + copy_binary $binary } # install storagenode and storagenode-updater binaries # during run of the container to not to release new docker image # on each new version of the storagenode binary. -if [ ! -f "${BINARY_DIR}/storagenode-updater" ]; then +if [ ! -f "${BINARY_STORE}/storagenode-updater" ]; then echo "downloading storagenode-updater" get_binary storagenode-updater "$(get_default_url storagenode-updater minimum)" @@ -34,9 +42,11 @@ if [ ! -f "${BINARY_DIR}/storagenode-updater" ]; then echo "updating storagenode-updater" get_binary storagenode-updater "$(get_default_url storagenode-updater suggested)" fi +else + copy_binary storagenode-updater fi -if [ ! -f "${BINARY_DIR}/storagenode" ]; then +if [ ! -f "${BINARY_STORE}/storagenode" ]; then echo "downloading storagenode" if ${BINARY_DIR}/storagenode-updater should-update storagenode \ @@ -48,6 +58,8 @@ if [ ! -f "${BINARY_DIR}/storagenode" ]; then else get_binary storagenode "$(get_default_url storagenode minimum)" fi +else + copy_binary storagenode fi SUPERVISOR_SERVER="${SUPERVISOR_SERVER:-unix}" From 2965f81a7190fe069c26c0965811f17feace2a14 Mon Sep 17 00:00:00 2001 From: "Alexey A. Leonov" Date: Sat, 28 Sep 2024 10:36:21 +0700 Subject: [PATCH 2/6] fixed the case with the older version in storage --- docker/entrypoint | 41 +++++++++++++++++------------------------ 1 file changed, 17 insertions(+), 24 deletions(-) 
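Review bot: In get_binary the `unzip -p ... > "${BINARY_STORE}/${binary}"` redirect creates the target before unzip has succeeded, so a failed or interrupted extraction leaves an empty or truncated file in the store. Under `set -e` the script exits there, and on the next start the `[ ! -f "${BINARY_STORE}/..." ]` tests in the later hunks take the new `else copy_binary` branch and copy that file into BINARY_DIR. Extracting to a temporary name and renaming closes the gap: `unzip -p "/tmp/${binary}.zip" > "${BINARY_STORE}/${binary}.tmp"` followed by `mv "${BINARY_STORE}/${binary}.tmp" "${BINARY_STORE}/${binary}"`; the call should also be quoted as `copy_binary "${binary}"`. No checksum or signature check on the downloaded archive is visible in this hunk, which matters more now that the stored file is reused across restarts.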
diff --git a/docker/entrypoint b/docker/entrypoint index 17237ad..06cfb67 100755 --- a/docker/entrypoint +++ b/docker/entrypoint @@ -24,7 +24,20 @@ get_binary() { mkdir -p "${BINARY_STORE}" unzip -p "/tmp/${binary}.zip" > "${BINARY_STORE}/${binary}" rm "/tmp/${binary}.zip" - copy_binary $binary +} + +should_update() { + binary=$1 + copy_binary ${binary} + if ${BINARY_DIR}/storagenode-updater should-update ${binary} \ + --binary-location "${BINARY_DIR}/${binary}" \ + --identity-dir identity \ + --version.server-address="${VERSION_SERVER_URL}" 2>/dev/null + then + echo "downloading ${binary}" + get_binary ${binary} "$(get_default_url ${binary} suggested)" + copy_binary ${binary} + fi } # install storagenode and storagenode-updater binaries 
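Review bot: In should_update the `2>/dev/null` on the should-update call discards the updater's error output, and any non-zero exit is treated as "no update needed". A storagenode-updater copy that cannot run at all (for example a damaged file in BINARY_STORE) or an unreachable version server is therefore indistinguishable from an up-to-date binary. As far as this diff shows, this function is now the only place in the script that refreshes a binary already present in the store, so I would drop the redirect and let the failure reach the container log. The arguments should be quoted as well: `copy_binary "${binary}"` and `get_binary "${binary}" "$(get_default_url "${binary}" suggested)"`. A one-line header comment saying that the function first copies the stored binary into BINARY_DIR would also help, because the name reads like a pure predicate.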
@@ -33,34 +46,14 @@ get_binary() { if [ ! -f "${BINARY_STORE}/storagenode-updater" ]; then echo "downloading storagenode-updater" get_binary storagenode-updater "$(get_default_url storagenode-updater minimum)" - - if ${BINARY_DIR}/storagenode-updater should-update storagenode-updater \ - --binary-location "${BINARY_DIR}/storagenode-updater" \ - --identity-dir identity \ - --version.server-address="${VERSION_SERVER_URL}" 2>/dev/null - then - echo "updating storagenode-updater" - get_binary storagenode-updater "$(get_default_url storagenode-updater suggested)" - fi -else - copy_binary storagenode-updater fi +should_update storagenode-updater if [ ! -f "${BINARY_STORE}/storagenode" ]; then echo "downloading storagenode" - - if ${BINARY_DIR}/storagenode-updater should-update storagenode \ - --binary-location "${BINARY_DIR}/storagenode" \ - --identity-dir identity \ - --version.server-address="${VERSION_SERVER_URL}" 2>/dev/null - then - get_binary storagenode "$(get_default_url storagenode suggested)" - else - get_binary storagenode "$(get_default_url storagenode minimum)" - fi -else - copy_binary storagenode + get_binary storagenode "$(get_default_url storagenode minimum)" fi +should_update storagenode SUPERVISOR_SERVER="${SUPERVISOR_SERVER:-unix}" From 764a6f4ff83433db80892baba73d1db1df255770 Mon Sep 17 00:00:00 2001 From: "Alexey A. Leonov" Date: Sat, 28 Sep 2024 14:41:31 +0700 Subject: [PATCH 3/6] fixed the case if the suggested version is not allowed yet --- docker/entrypoint | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/docker/entrypoint b/docker/entrypoint index 06cfb67..db8ba51 100755 --- a/docker/entrypoint +++ b/docker/entrypoint 
@@ -29,15 +29,19 @@ get_binary() { should_update() { binary=$1 copy_binary ${binary} - if ${BINARY_DIR}/storagenode-updater should-update ${binary} \ - --binary-location "${BINARY_DIR}/${binary}" \ - --identity-dir identity \ - --version.server-address="${VERSION_SERVER_URL}" 2>/dev/null - then - echo "downloading ${binary}" - get_binary ${binary} "$(get_default_url ${binary} suggested)" - copy_binary ${binary} - fi + for version in minimum suggested; do + if ${BINARY_DIR}/storagenode-updater should-update ${binary} \ + --binary-location "${BINARY_DIR}/${binary}" \ + --identity-dir identity \ + --version.server-address="${VERSION_SERVER_URL}" 2>/dev/null + then + echo "downloading ${binary}" + get_binary ${binary} "$(get_default_url ${binary} ${version})" + copy_binary ${binary} + else + break + fi + done } # install storagenode and storagenode-updater binaries From 719bde7cf84e3615a0c1c411284e771c068cd94e Mon Sep 17 00:00:00 2001 From: "Alexey A. Leonov" Date: Wed, 2 Oct 2024 10:52:28 +0700 Subject: [PATCH 4/6] added support of --binary-store-dir parameter in storagenode-updater --- docker/entrypoint | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/docker/entrypoint b/docker/entrypoint index db8ba51..be63ac8 100755 --- a/docker/entrypoint +++ b/docker/entrypoint 
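Review bot: The new `for version in minimum suggested` loop in should_update downloads `minimum` on its first pass whenever should-update returns success, regardless of which version is installed. If the installed copy can already be newer than the minimum at that point, the first pass would replace it with an older build before the second pass runs; that should be confirmed against the updater's semantics. The loop also needs a comment explaining the two-step order, something like `# fetch minimum first; move on to suggested only if the updater still reports an update`, and the log line should name the version: `echo "downloading ${binary} (${version})"`. Quoting `${binary}` and `${version}` in the get_binary call would match the quoting used in the rest of the file.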
@@ -47,17 +47,13 @@ should_update() { # install storagenode and storagenode-updater binaries # during run of the container to not to release new docker image # on each new version of the storagenode binary. -if [ ! -f "${BINARY_STORE}/storagenode-updater" ]; then - echo "downloading storagenode-updater" - get_binary storagenode-updater "$(get_default_url storagenode-updater minimum)" -fi -should_update storagenode-updater - -if [ ! -f "${BINARY_STORE}/storagenode" ]; then - echo "downloading storagenode" - get_binary storagenode "$(get_default_url storagenode minimum)" -fi -should_update storagenode +for binary in storagenode-updater storagenode; do + if [ ! -f "${BINARY_STORE}/${binary}" ]; then + echo "downloading ${binary}" + get_binary ${binary} "$(get_default_url ${binary} minimum)" + fi + should_update ${binary} +done SUPERVISOR_SERVER="${SUPERVISOR_SERVER:-unix}" @@ -100,7 +96,7 @@ if [ "${SETUP:-}" = "true" ]; then exec ${BINARY_DIR}/storagenode setup ${SNO_RUN_PARAMS} ${*} else sed -i \ - "s#^command=/app/bin/storagenode-updater\$#command=${BINARY_DIR}/storagenode-updater run --binary-location ${BINARY_DIR}/storagenode ${RUN_PARAMS} #" \ + "s#^command=/app/bin/storagenode-updater\$#command=${BINARY_DIR}/storagenode-updater run --binary-location ${BINARY_DIR}/storagenode --binary-store-dir ${BINARY_STORE}/storagenode ${RUN_PARAMS} #" \ /etc/supervisor/supervisord.conf sed -i \ From 96688a4961bd287cad095de27fb100d278554051 Mon Sep 17 00:00:00 2001 From: "Alexey A. Leonov" Date: Wed, 2 Oct 2024 10:58:06 +0700 Subject: [PATCH 5/6] it should be a folder, not a binary --- docker/entrypoint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/entrypoint b/docker/entrypoint index be63ac8..405be7f 100755 --- a/docker/entrypoint +++ b/docker/entrypoint 
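Review bot: The `--binary-store-dir ${BINARY_STORE}/storagenode` text added to the first sed expression expands an environment-supplied value inside a replacement that uses `#` as its delimiter. A path containing `#`, `&`, a backslash or whitespace therefore changes the substitution or the command line written to /etc/supervisor/supervisord.conf. The same expansion remains in the follow-up commits that touch this line (PATCH 5/6 and 6/6). Rejecting unexpected characters once, next to the assignment at the top of the script (outside this hunk), keeps the sed line simple: `case "${BINARY_STORE}" in *[!A-Za-z0-9/._-]*) echo "invalid BINARY_STORE: ${BINARY_STORE}" >&2; exit 1 ;; esac`. The neighbouring `${RUN_PARAMS}` expansion has the same property, though it is not new here.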
@@ -96,7 +96,7 @@ if [ "${SETUP:-}" = "true" ]; then exec ${BINARY_DIR}/storagenode setup ${SNO_RUN_PARAMS} ${*} else sed -i \ - "s#^command=/app/bin/storagenode-updater\$#command=${BINARY_DIR}/storagenode-updater run --binary-location ${BINARY_DIR}/storagenode --binary-store-dir ${BINARY_STORE}/storagenode ${RUN_PARAMS} #" \ + "s#^command=/app/bin/storagenode-updater\$#command=${BINARY_DIR}/storagenode-updater run --binary-location ${BINARY_DIR}/storagenode --binary-store-dir ${BINARY_STORE} ${RUN_PARAMS} #" \ /etc/supervisor/supervisord.conf sed -i \ From bb4ca65608c27d76cd68dfe635bded6a29270348 Mon Sep 17 00:00:00 2001 From: "Alexey A. Leonov" Date: Thu, 3 Oct 2024 13:55:16 +0700 Subject: [PATCH 6/6] removed $BINARY_DIR * renamed $BINARY_STORE to $BINARY_STORE_DIR to be similar to the option name --- Dockerfile | 3 +-- docker/app/dashboard.sh | 4 ++-- docker/entrypoint | 27 +++++++++++++-------------- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index 13638b7..78df2f2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,5 +37,4 @@ ENV ADDRESS="" \ SETUP="false" \ AUTO_UPDATE="true" \ LOG_LEVEL="" \ - BINARY_DIR="/app/bin" \ - BINARY_STORE="/app/config/bin" + BINARY_STORE_DIR="/app/config/bin" diff --git a/docker/app/dashboard.sh b/docker/app/dashboard.sh index 785c6c7..3e1ecfd 100755 --- a/docker/app/dashboard.sh +++ b/docker/app/dashboard.sh @@ -1,5 +1,5 @@ #!/bin/sh -BINARY_DIR=${BINARY_DIR:-/app/bin} +/app/bin=${/app/bin:-/app/bin} -${BINARY_DIR}/storagenode dashboard --config-dir /app/config --identity-dir /app/identity $@ \ No newline at end of file +/app/bin/storagenode dashboard --config-dir /app/config --identity-dir /app/identity $@ \ No newline at end of file diff --git a/docker/entrypoint b/docker/entrypoint index 405be7f..f497c2e 100755 --- a/docker/entrypoint +++ b/docker/entrypoint 
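Review bot: The added line `/app/bin=${/app/bin:-/app/bin}` in docker/app/dashboard.sh is not valid shell: `${/app/bin:-...}` is a bad substitution, so a POSIX sh is expected to fail at that line before the dashboard command is reached. It looks like the result of replacing `BINARY_DIR` textually. With the variable gone the line should simply be deleted, leaving the shebang and the `/app/bin/storagenode dashboard ...` call. While touching that call, `$@` should become `"$@"` so that arguments containing spaces are passed through intact.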
@@ -1,8 +1,7 @@ #!/bin/bash set -euo pipefail -BINARY_DIR=${BINARY_DIR:-/app/bin} -BINARY_STORE=${BINARY_STORE:-/app/config/bin} +BINARY_STORE_DIR=${BINARY_STORE_DIR:-/app/config/bin} get_default_url() { process=$1 @@ -12,17 +11,17 @@ get_default_url() { copy_binary() { binary=$1 - mkdir -p "${BINARY_DIR}" - cp "${BINARY_STORE}/${binary}" "${BINARY_DIR}/${binary}" - chmod u+x "${BINARY_DIR}/${binary}" + mkdir -p "/app/bin" + cp "${BINARY_STORE_DIR}/${binary}" "/app/bin/${binary}" + chmod u+x "/app/bin/${binary}" } get_binary() { binary=$1 url=$2 wget -O "/tmp/${binary}.zip" "${url}" - mkdir -p "${BINARY_STORE}" - unzip -p "/tmp/${binary}.zip" > "${BINARY_STORE}/${binary}" + mkdir -p "${BINARY_STORE_DIR}" + unzip -p "/tmp/${binary}.zip" > "${BINARY_STORE_DIR}/${binary}" rm "/tmp/${binary}.zip" } @@ -30,8 +29,8 @@ should_update() { binary=$1 copy_binary ${binary} for version in minimum suggested; do - if ${BINARY_DIR}/storagenode-updater should-update ${binary} \ - --binary-location "${BINARY_DIR}/${binary}" \ + if /app/bin/storagenode-updater should-update ${binary} \ + --binary-location "/app/bin/${binary}" \ --identity-dir identity \ --version.server-address="${VERSION_SERVER_URL}" 2>/dev/null then @@ -48,7 +47,7 @@ should_update() { # during run of the container to not to release new docker image # on each new version of the storagenode binary. for binary in storagenode-updater storagenode; do - if [ ! -f "${BINARY_STORE}/${binary}" ]; then + if [ ! -f "${BINARY_STORE_DIR}/${binary}" ]; then echo "downloading ${binary}" get_binary ${binary} "$(get_default_url ${binary} minimum)" fi 
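Review bot: copy_binary now writes to a hard-coded `/app/bin`, which removes the override that PATCH 1/6 introduced. If the container runs with a read-only root filesystem, or as a user that cannot write to /app/bin, `mkdir -p` or `cp` fails and `set -e` ends the entrypoint with no way to point the executable copy elsewhere. Whether /app/bin is writable for a non-root user is not visible in this diff, so this needs checking against the image. If the fixed path is intended, a single `readonly BINARY_DIR=/app/bin` near the top would avoid repeating the literal in copy_binary, should_update and the sed expressions. A comment there should state that the path has to match the `command=/app/bin/...` entries the sed patterns look for in supervisord.conf.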
@@ -92,15 +91,15 @@ if [ -n "${LOG_LEVEL:-}" ]; then fi if [ "${SETUP:-}" = "true" ]; then - echo "Running ${BINARY_DIR}/storagenode setup $SNO_RUN_PARAMS ${*}" - exec ${BINARY_DIR}/storagenode setup ${SNO_RUN_PARAMS} ${*} + echo "Running /app/bin/storagenode setup $SNO_RUN_PARAMS ${*}" + exec /app/bin/storagenode setup ${SNO_RUN_PARAMS} ${*} else sed -i \ - "s#^command=/app/bin/storagenode-updater\$#command=${BINARY_DIR}/storagenode-updater run --binary-location ${BINARY_DIR}/storagenode --binary-store-dir ${BINARY_STORE} ${RUN_PARAMS} #" \ + "s#^command=/app/bin/storagenode-updater\$#command=/app/bin/storagenode-updater run --binary-location /app/bin/storagenode --binary-store-dir ${BINARY_STORE_DIR} ${RUN_PARAMS} #" \ /etc/supervisor/supervisord.conf sed -i \ - "s#^command=/app/bin/storagenode\$#command=${BINARY_DIR}/storagenode run ${SNO_RUN_PARAMS} ${*}#" \ + "s#^command=/app/bin/storagenode\$#command=/app/bin/storagenode run ${SNO_RUN_PARAMS} ${*}#" \ /etc/supervisor/supervisord.conf # remove explicit user flag when container is run as non-root